Installing Google-authenticator in CentOS 6.3

Posted by Dark Training on September 27, 2012 tags: | security | centos | linux

I just wanted to post this because I saw some sites incorrectly stating that you need to install the epel repo, you don't.

Here is how to install the Google 2 factor application for pam

yum install gcc gcc++ make python python-devel git pam-devel

cd /tmp
git clone https://code.google.com/p/google-authenticator/
cd google-authenticator/libpam
make
make install
cd /tmp
rm -Rf google-authenticator/

To enable ssh 2 factor:

sed  -i '1 a\ auth       required     pam_google_authenticator.so' /etc/pam.d/sshd

Make sure that challenge response is listed as YES in your SSHD config

...
ChallengeResponseAuthentication yes

Login as the user you want to protect and run:

google-authenticator

nswer the questions as appropriate.

TADA! If this worked for you, feel free to let others know below.

*If you get a loop of asking for your password and verification code, you need to modify SELINUX to allow or disable it.